Age | Commit message (Collapse) | Author |
|
With this change the pull protocol implementation processes will pass
progress data to importd which then passes this information on via the
bus. We use sd_notify() as generic transport for this communication,
making importd listen to them, while matching the incoming messages to
the right transfer.
|
|
|
|
"systemd-pull"
This way "systemd-importd" is the daemon that uses "systemd-pull" as
backend worker.
|
|
|
|
client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
|
|
This will also be used in dhcp4-client.
|
|
This way, we can import CoreOS images unmodified.
|
|
This covers the general functionality as well as regression tests for recent
fixes like commits b7e718 and 1ed0c19.
|
|
This also adds an initial keyring for the verification, that contains
Ubuntu's and Fedora's key. We should probably add more entries sooner or
later.
|
|
Use the parallel test runner's TEST_EXTENSIONS/*_LOG_COMPILER feature
(https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html)
to run *.py tests through $(PYTHON), and only if we have python
available/enabled.
This eliminates the need of having shell wrappers, thus drop
test/rules-test.sh.
|
|
files
|
|
Ubuntu provides their cloud images optionally as tarball, hence also
support downloading those.
|
|
Don't hardcode "python" or /usr/bin/python, but use the configured $(PYTHON).
|
|
|
|
to target
|
|
This implements a shared policy cache with read-write locks. We no longer
parse the XML policy in each thread.
This will allow us to easily implement ReloadConfig().
|
|
Make sure stdio-bridge can be found in $PATH. Otherwise, "xyzctl -H"
fails.
|
|
Instead of using Accept=true and running one proxy for each connection, we
now run one proxy-daemon with a thread per connection. This will enable us
to share resources like policies in the future.
|
|
Now that we want to make bus-proxy multi-threaded, we have to bring back
the systemd-stdio-bridge for our TCP use-cases.
|
|
Move all the proxy code into a "struct Proxy" object that can be used
from multiple binaries.
We now dropped SMACK as we have to refactor it to work properly. We can
introduce it later on.
|
|
With this change the import tool will now unpack qcow2 images into
normal raw disk images, suitable for usage with nspawn.
This allows has the benefit of also allowing importing Ubuntu Cloud
images for usage with nspawn.
|
|
That way we can download fedora cloud raw images as-is and decompress
them on-the-fly.
|
|
|
|
|
|
There is no reason to keep both separated. We want to avoid API specific
tools and instead keep generic terms like 'input'.
|
|
Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into
driver.c for better code separation.
|
|
After all, nspawn can now dissect MBR partition levels, too, hence
".gpt" appears a misnomer. Moreover, the the .raw suffix for these files
is already pretty popular (the Fedora disk images use it for example),
hence sounds like an OK scheme to adopt.
|
|
This exposes an IP port on the container as local port using DNAT.
|
|
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
|
|
rules, using libiptc
|
|
This rule is only run on tablet/touchscreen devices, and extracts their size
in millimeters, as it can be found out through their struct input_absinfo.
The first usecase is exporting device size from tablets/touchscreens. This
may be useful to separate policy and application at the time of mapping
these devices to the available outputs in windowing environments that don't
offer that information as readily (eg. Wayland). This way the compositor can
stay deterministic, and the mix-and-match heuristics are performed outside.
Conceivably, size/resolution information can be changed through EVIOCSABS
anywhere else, but we're only interested in values prior to any calibration,
this rule is thus only run on "add", and no tracking of changes is performed.
This should only remain a problem if calibration were automatically applied
by an earlier udev rule (read: don't).
v2: Folded rationale into commit log, made a builtin, set properties
on device nodes themselves
v3: Use inline function instead of macro for mm. size calculation,
use DECIMAL_STR_MAX, other code style issues
v4: Made rule more selective
v5: Minor style issues, renamed to a more generic builtin, refined
rule further.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=88271
|
|
This fixes parsing of options in shared/generator.c. Existing code
had some issues:
- it would treate whitespace and semicolons as seperators. fstab(5)
is pretty clear that only commas matter. And the syntax does
not allow for spaces to be inserted in the field in fstab.
Whitespace might be escaped, but then it should not seperate
options. Treat whitespace and semicolons as any other character.
- it assumed that x-systemd.device-timeout would always be followed
by "=". But this is not guaranteed, hasmntopt will return this
option even if there's no value. Uninitialized memory could be read.
- some error paths would log, and inconsistently, some would just
return an error code.
Filtering is split out to a separate function and tests are added.
Similar code paths in other places are adjusted to use the new function.
|
|
|
|
|
|
|
|
|
|
user-status" and "loginctl session-status"
|
|
|
|
Commit 003dffde2c1b93 ("machined: Move image discovery logic into src/shared,
so that we can make use of it from nspawn") moved some definitions from
machine.h to a new machine-dbus.h, but did not include it in Makefile.am
Tested that `make distcheck` works after this fix.
|
|
various other tools
|
|
Even though we use fallocate() it appears that file systems like btrfs
will trigger SIGBUS on certain low-disk-space situation. We should
handle that, hence catch the signal, add it to a list of invalidated
pages, and replace the page with an empty memory area. After each write
check if SIGBUS was triggered, and consider the write invalid if it was.
This should make journald a lot more robust with file systems where
fallocate() is not reliable, for example all CoW file systems
(btrfs...), where changing written data can fail with disk full errors.
https://bugzilla.redhat.com/show_bug.cgi?id=1045810
|
|
systemd.pc contains "libdir" which can be architecture specific. Thus it needs
to be installed into libdir/pkgconfig/ instead of datadir/pkgconfig.
As nothing else is using pkgconfigdata any more, remove it entirely.
Note that udev.pc does not contain architecture specific values and thus can be
kept in /usr/share/pkgconfig/.
|
|
When doing "make clean" the unit/machines.target file gets deleted.
This causes a build error later on when trying to rebuild systemd.
V2: The file probably belongs to dist_systemunit_DATA
|
|
- Unescape instance name so that we can take almost anything as instance
name.
- Introduce "machines.target" which consists of all enabled nspawns and
can be used to start/stop them altogether
- Look for container directory using -M instead of harcoding the path in
/var/lib/container
|
|
use of it from nspawn
|
|
The file was moved from src/libsystemd-network to src/systemd in commit
7a6f1457462840 ("sd-lldp: minor header cleanup").
This fixes "make distcheck".
|
|
subvolumes
We make use of the btrfs subvol crtime for this, and for gpt images of a
manually managed xattr, if we can.
|
|
internet
|
|
This way "machinectl login" can be opened up to run without privileges.
|